7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Foreign security agencies to Check Point disclosed that of the famous compression software WinRAR the presence of a elder level of security vulnerability once used by hackers, hackers could a malicious app implant userβs computer by a boot program, the vulnerability in 2005 already exists.
WinRAR is the Windows platform on the most well-known decompression software which can decompress RAR, ZIP, 7z, ACE, etc. a variety of compression format of the software. Currently the softwareβs official website referred to in the world there are more than 5 million users.
Chick Point security team using WinAEL fuzzing tool to detect the WinRAR security vulnerabilities, a total of find out CVE-2018-20250, CVE-2018-20251, CVE-2018-20252, CVE-2018-20253, etc. 4 security vulnerabilities, these security vulnerabilities the first three are related to the ACE compression format related, the other one is out of bounds write vulnerability.
Researchers said, used to parse the ACE document unacev2. dll exists a directory traversal vulnerability that allows an attacker will compressed document unzip to any directory, completely ignore the target folder of the various restrictions. The attacker only need to create a new ACE compressed file, and induce users turned on, this can be a malicious app through the directory traversal vulnerability to put into Windows startup file, the system once started, the malicious program will run automatically.
Since WinRAR for unpack the ACE the document unacev2. dll is developed by a third party, from the beginning of 2005, this third-party library is no longer updated, WinRAR official also unable to obtain the source code, WinRAR decided to give up on this format of support. In the future the launch of WinRAR 5.7 version, the ACE format support will officially stop.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%